IAS/ECC: add IAS/ECC card specific files ...

As announced in
http://www.opensc-project.org/pipermail/opensc-devel/2011-January/015756.html


git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5197 c6295689-39f2-0310-b995-f0e70906c6a9
vtarasov 2011-02-16 10:55:05 +00:00
parent ce116f42b6
commit 57b7a81c3a
12 changed files with 7473 additions and 0 deletions

src/libopensc/card-iasecc.c Normal file


src/libopensc/iasecc-sdo.c Normal file


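--- /dev/null
+++ b/src/libopensc/iasecc-sdo.h
@@ -0,0 +1,309 @@
+/*
+* iasecc-sdo.h: Support for IAS/ECC smart cards
+*
+* Copyright (C) 2010 Viktor Tarasov <vtarasov@opentrust.com>
+* OpenTrust <www.opentrust.com>
+*
+* This library is free software; you can redistribute it and/or
+* modify it under the terms of the GNU Lesser General Public
+* License as published by the Free Software Foundation; either
+* version 2.1 of the License, or (at your option) any later version.
+*
+* This library is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+* Lesser General Public License for more details.
+*
+* You should have received a copy of the GNU Lesser General Public
+* License along with this library; if not, write to the Free Software
+* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+*/
+#ifndef SC_IASECC_SDO_H
+#define SC_IASECC_SDO_H
+#include "types.h"
+#define IASECC_SDO_TAG_HEADER 0xBF
+#define IASECC_SDO_TEMPLATE_TAG 0x70
+#define IASECC_DOCP_TAG 0xA0
+#define IASECC_DOCP_TAG_NAME 0x84
+#define IASECC_DOCP_TAG_TRIES_MAXIMUM 0x9A
+#define IASECC_DOCP_TAG_TRIES_REMAINING 0x9B
+#define IASECC_DOCP_TAG_USAGE_MAXIMUM 0x9C
+#define IASECC_DOCP_TAG_USAGE_REMAINING 0x9D
+#define IASECC_DOCP_TAG_NON_REPUDATION 0x9E
+#define IASECC_DOCP_TAG_SIZE 0x80
+#define IASECC_DOCP_TAG_ACLS 0xA1
+#define IASECC_DOCP_TAG_ACLS_CONTACT 0x8C
+#define IASECC_DOCP_TAG_ACLS_CONTACTLESS 0x9C
+#define IASECC_DOCP_TAG_ISSUER_DATA_BER 0xA5
+#define IASECC_DOCP_TAG_ISSUER_DATA 0x85
+#define IASECC_ACLS_CHV_CHANGE 0
+#define IASECC_ACLS_CHV_VERIFY 1
+#define IASECC_ACLS_CHV_RESET 2
+#define IASECC_ACLS_CHV_PUT_DATA 5
+#define IASECC_ACLS_CHV_GET_DATA 6
+#define IASECC_ACLS_RSAKEY_PSO_SIGN 0
+#define IASECC_ACLS_RSAKEY_INTERNAL_AUTH 1
+#define IASECC_ACLS_RSAKEY_PSO_DECIPHER 2
+#define IASECC_ACLS_RSAKEY_GENERATE 3
+#define IASECC_ACLS_RSAKEY_PUT_DATA 5
+#define IASECC_ACLS_RSAKEY_GET_DATA 6
+#define IASECC_SDO_CHV_TAG 0x7F41
+#define IASECC_SDO_CHV_TAG_SIZE_MAX 0x80
+#define IASECC_SDO_CHV_TAG_SIZE_MIN 0x81
+#define IASECC_SDO_CHV_TAG_VALUE 0x82
+#define IASECC_SDO_PRVKEY_TAG 0x7F48
+#define IASECC_SDO_PRVKEY_TAG_P 0x92
+#define IASECC_SDO_PRVKEY_TAG_Q 0x93
+#define IASECC_SDO_PRVKEY_TAG_IQMP 0x94
+#define IASECC_SDO_PRVKEY_TAG_DMP1 0x95
+#define IASECC_SDO_PRVKEY_TAG_DMQ1 0x96
+#define IASECC_SDO_PRVKEY_TAG_COMPULSORY 0x80
+#define IASECC_SDO_PUBKEY_TAG 0x7F49
+#define IASECC_SDO_PUBKEY_TAG_N 0x81
+#define IASECC_SDO_PUBKEY_TAG_E 0x82
+#define IASECC_SDO_PUBKEY_TAG_COMPULSORY 0x80
+#define IASECC_SDO_PUBKEY_TAG_CHR 0x5F20
+#define IASECC_SDO_PUBKEY_TAG_CHA 0x5F4C
+#define IASECC_SDO_KEYSET_TAG 0xA2
+#define IASECC_SDO_KEYSET_TAG_MAC 0x90
+#define IASECC_SDO_KEYSET_TAG_ENC 0x91
+#define IASECC_SDO_KEYSET_TAG_COMPULSORY 0x80
+#define IASECC_SCB_METHOD_NEED_ALL 0x80
+#define IASECC_SCB_METHOD_MASK 0x70
+#define IASECC_SCB_METHOD_MASK_REF 0x0F
+#define IASECC_SCB_METHOD_SM 0x40
+#define IASECC_SCB_METHOD_EXT_AUTH 0x20
+#define IASECC_SCB_METHOD_USER_AUTH 0x10
+#define IASECC_SCB_NEVER 0xFF
+#define IASECC_SCB_ALWAYS 0x00
+#define IASECC_SDO_CLASS_CHV 0x01
+#define IASECC_SDO_CLASS_KEYSET 0x0A
+#define IASECC_SDO_CLASS_RSA_PRIVATE 0x10
+#define IASECC_SDO_CLASS_RSA_PUBLIC 0x20
+#define IASECC_SDO_CLASS_SE 0x7B
+#define IASECC_CRT_TAG_AT 0xA4
+#define IASECC_CRT_TAG_CT 0xB8
+#define IASECC_CRT_TAG_CCT 0xB4
+#define IASECC_CRT_TAG_DST 0xB6
+#define IASECC_CRT_TAG_HT 0xAA
+#define IASECC_CRT_TAG_KAT 0xA6
+#define IASECC_CRT_TAG_USAGE 0x95
+#define IASECC_CRT_TAG_REFERENCE 0x83
+#define IASECC_CRT_TAG_ALGO 0x80
+#define IASECC_ALGORITHM_SYMMETRIC 0x0C
+#define IASECC_ALGORITHM_DH 0x0B
+#define IASECC_ALGORITHM_RSA_PKCS 0x02
+#define IASECC_ALGORITHM_RSA_9796_2 0x01
+#define IASECC_ALGORITHM_RSA_PKCS_DECRYPT 0x0A
+#define IASECC_ALGORITHM_SHA1 0x10
+#define IASECC_ALGORITHM_SHA2 0x40
+#define IASECC_ALGORITHM_ROLE_AUTH 0x1C
+#define IASECC_ALGORITHM_SYMMETRIC_SHA1 0x0C
+#define IASECC_ALGORITHM_SYMMETRIC_SHA256 0x8C
+#define IASECC_UQB_AT_MUTUAL_AUTHENTICATION 0xC0
+#define IASECC_UQB_AT_EXTERNAL_AUTHENTICATION 0x80
+#define IASECC_UQB_AT_AUTHENTICATION 0x40
+#define IASECC_UQB_AT_USER_PASSWORD 0x08
+#define IASECC_UQB_AT_USER_BIOMETRIC 0x04
+#define IASECC_UQB_DST_VERIFICATION 0x80
+#define IASECC_UQB_DST_COMPUTATION 0x40
+#define IASECC_UQB_CT_ENCIPHERMENT 0x80
+#define IASECC_UQB_CT_DECIPHERMENT 0x40
+#define IASECC_UQB_CT_SM_RESPONSE 0x20
+#define IASECC_UQB_CT_SM_COMMAND 0x10
+#define IASECC_UQB_CCT_VERIFICATION 0x80
+#define IASECC_UQB_CCT_COMPUTATION 0x40
+#define IASECC_UQB_CCT_SM_RESPONSE 0x20
+#define IASECC_UQB_CCT_SM_COMMAND 0x10
+#define IASECC_UQB_KAT 0x80
+#define IASECC_ACL_GET_DATA 0x01
+#define IASECC_ACL_PUT_DATA 0x02
+#define IASECC_ACL_GENERATE_KEY 0x08
+#define IASECC_ACL_PSO_DECIPHER 0x10
+#define IASECC_ACL_INTERNAL_AUTHENTICATE 0x20
+#define IASECC_ACL_PSO_SIGNATURE 0x40
+#define IASECC_SDO_TAGS_UPDATE_MAX 16
+#define IASECC_SE_CRTS_MAX 24
+#define _MAKE_IASECC_SDO_MAGIC(a, b, c, d) (((a) << 24) | ((b) << 16) | ((c) << 8) | ((d)))
+#define IASECC_SDO_MAGIC _MAKE_IASECC_SDO_MAGIC('E', 'C', 'S', 'D')
+#define IASECC_SDO_MAGIC_UPDATE _MAKE_IASECC_SDO_MAGIC('E', 'C', 'U', 'D')
+#define IASECC_SDO_MAGIC_UPDATE_RSA _MAKE_IASECC_SDO_MAGIC('E', 'C', 'U', 'R')
+#define IASECC_MAX_SCBS 7
+#define IASECC_MAX_CRTS_IN_SE 24
+struct iasecc_extended_tlv {
+unsigned tag;
+unsigned parent_tag;
+unsigned char *value;
+size_t size;
+unsigned on_card;
+};
+struct iasecc_sdo_docp {
+struct iasecc_extended_tlv name;
+struct iasecc_extended_tlv tries_maximum;
+struct iasecc_extended_tlv tries_remaining;
+struct iasecc_extended_tlv usage_maximum;
+struct iasecc_extended_tlv usage_remaining;
+struct iasecc_extended_tlv non_repudiation;
+struct iasecc_extended_tlv size;
+struct iasecc_extended_tlv acls_contact;
+struct iasecc_extended_tlv acls_contactless;
+struct iasecc_extended_tlv issuer_data;
+unsigned char amb, scbs[IASECC_MAX_SCBS];
+};
+struct iasecc_sdo_chv {
+struct iasecc_extended_tlv size_max;
+struct iasecc_extended_tlv size_min;
+struct iasecc_extended_tlv value;
+};
+struct iasecc_sdo_prvkey {
+struct iasecc_extended_tlv p;
+struct iasecc_extended_tlv q;
+struct iasecc_extended_tlv iqmp;
+struct iasecc_extended_tlv dmp1;
+struct iasecc_extended_tlv dmq1;
+struct iasecc_extended_tlv compulsory;
+};
+struct iasecc_sdo_pubkey {
+struct iasecc_extended_tlv n;
+struct iasecc_extended_tlv e;
+struct iasecc_extended_tlv compulsory;
+struct iasecc_extended_tlv chr;
+struct iasecc_extended_tlv cha;
+};
+struct iasecc_sdo_keyset {
+struct iasecc_extended_tlv mac;
+struct iasecc_extended_tlv enc;
+struct iasecc_extended_tlv compulsory;
+};
+struct iasecc_sdo {
+unsigned char sdo_class;
+unsigned char sdo_ref;
+unsigned int usage;
+struct iasecc_sdo_docp docp;
+union {
+struct iasecc_sdo_chv chv;
+struct iasecc_sdo_prvkey prv_key;
+struct iasecc_sdo_pubkey pub_key;
+struct iasecc_sdo_keyset keyset;
+} data;
+unsigned not_on_card;
+unsigned magic;
+};
+struct iasecc_sdo_update {
+unsigned char sdo_class;
+unsigned char sdo_ref;
+struct iasecc_extended_tlv fields[IASECC_SDO_TAGS_UPDATE_MAX];
+unsigned char acl_method, acl_ref;
+unsigned magic;
+};
+struct iasecc_sdo_rsa_update {
+struct iasecc_sdo *sdo_prv_key;
+struct iasecc_sdo *sdo_pub_key;
+struct sc_pkcs15_prkey_rsa *p15_rsa;
+struct iasecc_sdo_update update_prv;
+struct iasecc_sdo_update update_pub;
+unsigned magic;
+};
+struct iasecc_se_info {
+struct iasecc_sdo_docp docp;
+int reference;
+struct sc_crt crts[SC_MAX_CRTS_IN_SE];
+struct sc_file *df;
+struct iasecc_se_info *next;
+unsigned magic;
+};
+struct iasecc_sm_card_answer {
+unsigned char data[SC_MAX_APDU_BUFFER_SIZE];
+size_t data_len;
+unsigned sw;
+unsigned char mac[8];
+unsigned char ticket[14];
+};
+struct iasecc_ctl_get_free_reference {
+size_t key_size;
+unsigned usage;
+unsigned access;
+int index;
+};
+enum IASECC_KEY_TYPE {
+IASECC_SDO_CLASS_RSA_PRV = 0x10,
+IASECC_SDO_CLASS_RSA_PUB = 0x20
+};
+struct sc_card;
+int iasecc_sdo_convert_acl(struct sc_card *card, struct iasecc_sdo *, unsigned char, unsigned *, unsigned *);
+void iasecc_sdo_free_fields(struct sc_card *card, struct iasecc_sdo *);
+void iasecc_sdo_free(struct sc_card *, struct iasecc_sdo *);
+int iasecc_se_parse(struct sc_card *, unsigned char *, size_t, struct iasecc_se_info *);
+int iasecc_sdo_parse(struct sc_card *, unsigned char *, size_t, struct iasecc_sdo *);
+int iasecc_sdo_allocate_and_parse(struct sc_card *, unsigned char *, size_t, struct iasecc_sdo **);
+int iasecc_encode_size(size_t, unsigned char *);
+int iasecc_encode_docp(struct sc_card *, struct iasecc_sdo_docp *, unsigned char **, size_t *);
+int iasecc_sdo_encode_update_field(struct sc_context *, unsigned char, unsigned char,
+struct iasecc_extended_tlv *, unsigned char **);
+int iasecc_se_get_crt(struct sc_card *, struct iasecc_se_info *, struct sc_crt *);
+int iasecc_se_get_crt_by_usage(struct sc_card *, struct iasecc_se_info *,
+unsigned char, unsigned char, struct sc_crt *);
+int iasecc_sdo_encode_rsa_update(struct sc_context *, struct iasecc_sdo *, struct sc_pkcs15_prkey_rsa *, struct iasecc_sdo_update *);
+int iasecc_sdo_parse_card_answer(struct sc_context *ctx, unsigned char *data, size_t data_len, struct iasecc_sm_card_answer *out);
+int iasecc_docp_copy(struct sc_context *ctx, struct iasecc_sdo_docp *in, struct iasecc_sdo_docp *out);
+#endif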
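Review bot: `struct iasecc_se_info` sizes `crts[]` with `SC_MAX_CRTS_IN_SE` from an outside header, while this file also introduces `IASECC_SE_CRTS_MAX` and `IASECC_MAX_CRTS_IN_SE`, both 24 — three names for one bound, and any loop in iasecc_se_parse() that checks against one of the IASECC_ constants while the array is sized by the SC_ one becomes an overrun the day the values diverge; keep a single name, e.g. `#define IASECC_MAX_CRTS_IN_SE SC_MAX_CRTS_IN_SE`, and drop `IASECC_SE_CRTS_MAX`. The parse prototypes (`iasecc_sdo_parse`, `iasecc_se_parse`, `iasecc_sdo_parse_card_answer`) consume card-supplied TLV data and fill fixed-size members (`data[SC_MAX_APDU_BUFFER_SIZE]`, `mac[8]`, `ticket[14]`, `fields[16]`), and since their bodies are in the suppressed iasecc-sdo.c the header should state the contract: every TLV length is validated against the destination size before copying, and `iasecc_sdo_allocate_and_parse` transfers ownership of `*out` to the caller, to be released with `iasecc_sdo_free`. Those input buffers could also be `const unsigned char *` unless the parser really rewrites them. `_MAKE_IASECC_SDO_MAGIC` (leading underscore followed by a capital) is an identifier reserved for the implementation; `MAKE_IASECC_SDO_MAGIC` avoids that.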

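--- /dev/null
+++ b/src/libopensc/iasecc.h
@@ -0,0 +1,140 @@
+/*
+* iasecc.h Support for IAS/ECC smart cards
+*
+* Copyright (C) 2010 Viktor Tarasov <vtarasov@opentrust.com>
+* OpenTrust <www.opentrust.com>
+*
+* This library is free software; you can redistribute it and/or
+* modify it under the terms of the GNU Lesser General Public
+* License as published by the Free Software Foundation; either
+* version 2.1 of the License, or (at your option) any later version.
+*
+* This library is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+* Lesser General Public License for more details.
+*
+* You should have received a copy of the GNU Lesser General Public
+* License along with this library; if not, write to the Free Software
+* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+*/
+#ifndef _OPENSC_IASECC_H
+#define _OPENSC_IASECC_H
+#include "errors.h"
+#include "types.h"
+#include "iasecc-sdo.h"
+#define ISO7812_PAN_SN_TAG 0x5A
+#define ISO7812_PAN_LENGTH 0x0C
+#ifndef SHA256_DIGEST_LENGTH
+#define SHA_DIGEST_LENGTH 20
+#define SHA256_DIGEST_LENGTH 32
+#endif
+#ifndef CKM_RSA_PKCS
+#define CKM_RSA_PKCS 0x00000001
+#define CKM_SHA1_RSA_PKCS 0x00000006
+#define CKM_SHA256_RSA_PKCS 0x00000040
+#define CKM_SHA_1 0x00000220
+#define CKM_SHA256 0x00000250
+#endif
+#define IASECC_TITLE "IASECC"
+#define IASECC_FCP_TAG 0x62
+#define IASECC_FCP_TAG_SIZE 0x80
+#define IASECC_FCP_TAG_TYPE 0x82
+#define IASECC_FCP_TAG_FID 0x83
+#define IASECC_FCP_TAG_NAME 0x84
+#define IASECC_FCP_TAG_SFID 0x88
+#define IASECC_FCP_TAG_ACLS 0xA1
+#define IASECC_FCP_TAG_ACLS_CONTACT 0x8C
+#define IASECC_FCP_TYPE_EF 0x01
+#define IASECC_FCP_TYPE_DF 0x38
+#define IASECC_OBJECT_REF_LOCAL 0x80
+#define IASECC_OBJECT_REF_GLOBAL 0x00
+#define IASECC_OBJECT_REF_MIN 0x01
+#define IASECC_OBJECT_REF_MAX 0x1F
+#define IASECC_SE_REF_MIN 0x01
+#define IASECC_SE_REF_MAX 0x0F
+/* IAS/ECC interindustry data tags */
+#define IASECC_ATR_TAG_IO_BUFFER_SIZES 0xE0
+#define IASECC_SFI_EF_DIR 0x1E
+#define IASECC_SFI_EF_ATR 0x1D
+#define IASECC_SFI_EF_SN 0x1C
+#define IASECC_SFI_EF_DH 0x1B
+#define IASECC_READ_BINARY_LENGTH_MAX 0xE7
+#define IASECC_PSO_HASH_TAG_PARTIAL 0x90
+#define IASECC_PSO_HASH_TAG_REMAINING 0x80
+#define IASECC_CARD_ANSWER_TAG_DATA 0x87
+#define IASECC_CARD_ANSWER_TAG_SW 0x99
+#define IASECC_CARD_ANSWER_TAG_MAC 0x8E
+#define IASECC_SM_DO_TAG_TLE 0x97
+#define IASECC_SM_DO_TAG_TSW 0x99
+#define IASECC_SM_DO_TAG_TCC 0x8E
+#define IASECC_SM_DO_TAG_TCG_ODD_INS 0x85
+#define IASECC_SM_DO_TAG_TCG_EVEN_INS 0x87
+#define IASECC_SM_DO_TAG_TCG 0x87
+#define IASECC_SM_DO_TAG_TBR 0x85
+struct sc_security_env;
+typedef struct iasecc_qsign_data {
+int hash_algo;
+unsigned char hash[SHA256_DIGEST_LENGTH];
+size_t hash_size;
+unsigned char pre_hash[SHA256_DIGEST_LENGTH];
+size_t pre_hash_size;
+unsigned char counter[8];
+unsigned char last_block[64];
+size_t last_block_size;
+} iasecc_qsign_data_t;
+struct iasecc_version {
+unsigned char ic_manufacturer;
+unsigned char ic_type;
+unsigned char os_version;
+unsigned char iasecc_version;
+};
+struct iasecc_io_buffer_sizes {
+size_t send;
+size_t send_sc;
+size_t recv;
+size_t recv_sc;
+};
+struct iasecc_private_data {
+struct iasecc_version version;
+struct iasecc_io_buffer_sizes max_sizes;
+struct sc_security_env security_env;
+size_t key_size;
+unsigned op_method, op_ref;
+struct iasecc_se_info *se_info;
+};
+int sm_iasecc_rsa_generate(struct sc_card *card, unsigned security_condition,
+struct iasecc_sdo *sdo);
+#endif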
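Review bot: `struct iasecc_private_data` embeds `struct sc_security_env security_env` by value, but the only declaration this header provides is the forward `struct sc_security_env;` a few lines above, and none of errors.h, types.h or iasecc-sdo.h is where that type normally lives in OpenSC (presumably opensc.h); a translation unit that includes iasecc.h without opensc.h first fails on an incomplete type, so either add `#include "opensc.h"` or replace the misleading forward declaration with a comment stating the ordering requirement. `iasecc_qsign_data` pairs `hash_size`, `pre_hash_size` and `last_block_size` with fixed 32/32/64-byte buffers and states no invariant; a comment such as `/* hash_size, pre_hash_size <= SHA256_DIGEST_LENGTH; last_block_size <= sizeof last_block -- producer must check before copying */` would pin the bound that the signing path in the suppressed card-iasecc.c has to respect. The local `CKM_*` fallbacks carry the PKCS#11 values, so a later pkcs11.h include redefines them identically; a one-line comment saying that is intentional would stop the next reader from "fixing" it.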


@ -0,0 +1,187 @@
#
# PKCS15 r/w profile for Oberthur cards
#
cardinfo {
label = "IAS";
manufacturer = "IAS Gemalto";
max-pin-length = 4;
min-pin-length = 4;
pin-encoding = ascii-numeric;
pin-pad-char = 0xFF;
}
pkcs15 {
# Put certificates into the CDF itself?
direct-certificates = no;
# Put the DF length into the ODF file?
encode-df-length = no;
# Have a lastUpdate field in the EF(TokenInfo)?
do-last-update = yes;
}
option ecc {
macros {
odf-size = 96;
aodf-size = 300;
cdf-size = 3000;
prkdf-size = 6700;
pukdf-size = 2300;
dodf-size = 3000;
skdf-size = 3000;
}
}
# Define reasonable limits for PINs and PUK
# Note that we do not set a file path or reference
# here; that is done dynamically.
PIN user-pin {
attempts = 5;
max-length = 4;
min-length = 4;
flags = 0x10; # initialized
reference = 1;
}
PIN so-pin {
auth-id = FF;
attempts = 5;
max-length = 4;
min-length = 4;
flags = 0xB2;
reference = 2
}
# Additional filesystem info.
# This is added to the file system info specified in the
# main profile.
filesystem {
DF MF {
ACL = *=CHV4;
path = 3F00;
type = DF;
# This is the DIR file
EF DIR {
type = EF;
file-id = 2F00;
size = 128;
acl = *=NONE;
}
# Here comes the application DF
DF PKCS15-AppDF {
type = DF;
aid = E8:28:BD:08:0F:D2:50:00:00:04:01:01;
acl = *=NONE;
size = 5000;
EF PKCS15-ODF {
file-id = 5031;
size = 96;
ACL = WRITE=SCBx17, UPDATE=SCBx17, READ=NONE;
}
EF PKCS15-TokenInfo {
file-id = 5032;
ACL = WRITE=SCBx17, UPDATE=SCBx17, READ=NONE;
}
}
DF Adele-AppDF {
type = DF;
aid = D2:50:00:00:04:41:64:E8:6C:65:01:01;
acl = *=NONE;
size = 5000;
EF PKCS15-AODF {
file-id = 7001;
size = 300;
ACL = WRITE=SCBx17, UPDATE=SCBx17, READ=NONE;
}
EF PKCS15-PrKDF {
file-id = 7002;
size = 6700;
ACL = WRITE=SCBx17, UPDATE=SCBx17, READ=NONE;
}
EF PKCS15-PuKDF {
file-id = 7004;
size = 2300;
ACL = WRITE=SCBx17, UPDATE=SCBx17, READ=NONE;
}
EF PKCS15-SKDF {
file-id = 7003;
size = 3000;
ACL = WRITE=SCBx17, UPDATE=SCBx17, READ=NONE;
}
EF PKCS15-CDF {
file-id = 7005;
size = 3000;
ACL = WRITE=SCBx17, UPDATE=SCBx17, READ=NONE;
}
EF PKCS15-DODF {
file-id = 7006;
size = 3000;
ACL = WRITE=SCBx17, UPDATE=SCBx17, READ=NONE;
}
template key-domain {
# Private RSA keys
BSO private-key {
ACL = *=NEVER;
ACL = SIGN=SCBx17, AUTHENTICATE=SCBx17, DECIPHER=SCBx17, GENERATE=SCBx17, UPDATE=SCBx17, READ=NONE;
}
# Private DES keys
BSO private-des {
size = 24; # 192 bits
# READ acl used insted of DECIPHER/ENCIPHER/CHECKSUM
}
# Private data
EF private-data {
file-id = F000;
size = 36;
ACL = *=NONE;
ACL = WRITE=SCBx17, UPDATE=SCBx17, READ=SCBx17;
}
# Certificate
EF certificate {
# for the profiles 'ADELE Admin. 1 & 2'
# file-id: auth: A001; sign: A002; encr: A003;
#
file-id = B000;
ACL = *=NEVER;
ACL = UPDATE=SCBx17, READ=NONE, DELETE=NONE;
}
#Public Key
BSO public-key {
ACL = *=NEVER;
ACL = AUTHENTICATE=SCBx17, GENERATE=SCBx17, UPDATE=SCBx17, READ=NONE;
}
# Public DES keys
BSO public-des {
size = 24; # 192 bits
ACL = *=NONE;
}
# Public data
EF public-data {
file-id = D000;
ACL = *=NONE;
ACL = WRITE=SCBx17, UPDATE=SCBx17, DELETE=NONE;
}
}
}
}
}
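Review bot: `EF private-data` starts from `ACL = *=NONE;` and then only lists WRITE/UPDATE/READ, so every operation not named (DELETE in particular) is left with no security condition, whereas the sibling `certificate` and `private-key` entries start from `*=NEVER` and grant explicitly; for a file called private-data the deny-by-default base is the right one: `ACL = *=NEVER;` followed by `ACL = WRITE=SCBx17, UPDATE=SCBx17, READ=SCBx17;`. Whether the card ends up enforcing the `*=NONE` default depends on how the suppressed pkcs15-iasecc.c maps these profile ACLs, so confirm there before changing. The header comment `# PKCS15 r/w profile for Oberthur cards` contradicts `manufacturer = "IAS Gemalto"` and the Adele AID declared below (the same AID that the ias_adele profile in this commit binds to the `ias_adele_admin1` extension); reword it to `# PKCS15 r/w profile for IAS Adele (Gemalto) cards, Adele admin profile 1` or whatever the actual target is.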


@ -0,0 +1,183 @@
#
# PKCS15 r/w profile for Oberthur cards
#
cardinfo {
label = "IAS";
manufacturer = "IAS Gemalto";
max-pin-length = 4;
min-pin-length = 4;
pin-encoding = ascii-numeric;
pin-pad-char = 0xFF;
# Delete or not the public key when inconporating the
# corresponding certificate.
keep-public-key = yes; # yes/no
}
pkcs15 {
# Put certificates into the CDF itself?
direct-certificates = no;
# Put the DF length into the ODF file?
encode-df-length = no;
# Have a lastUpdate field in the EF(TokenInfo)?
do-last-update = yes;
}
option ecc {
macros {
odf-size = 96;
aodf-size = 300;
cdf-size = 3000;
prkdf-size = 6700;
pukdf-size = 2300;
dodf-size = 3000;
skdf-size = 3000;
}
}
# Define reasonable limits for PINs and PUK
# Note that we do not set a file path or reference
# here; that is done dynamically.
PIN user-pin {
attempts = 5;
max-length = 4;
min-length = 4;
flags = 0x10; # initialized
reference = 1;
}
PIN so-pin {
auth-id = FF;
attempts = 5;
max-length = 4;
min-length = 4;
flags = 0xB2;
reference = 2
}
# Additional filesystem info.
# This is added to the file system info specified in the
# main profile.
filesystem {
DF MF {
ACL = *=CHV4;
path = 3F00;
type = DF;
# This is the DIR file
EF DIR {
type = EF;
file-id = 2F00;
size = 128;
acl = *=NONE;
}
# Here comes the application DF
DF PKCS15-AppDF {
type = DF;
aid = E8:28:BD:08:0F:D2:50:00:00:04:02:01;
acl = *=NONE;
size = 5000;
EF PKCS15-ODF {
file-id = 5031;
size = 96;
ACL = WRITE=SCBx17, UPDATE=SCBx17, READ=NONE;
}
EF PKCS15-TokenInfo {
file-id = 5032;
ACL = WRITE=SCBx17, UPDATE=SCBx17, READ=NONE;
}
EF PKCS15-AODF {
file-id = 7001;
size = 300;
ACL = WRITE=SCBx17, UPDATE=SCBx17, READ=NONE;
}
EF PKCS15-PrKDF {
file-id = 7002;
size = 6700;
ACL = WRITE=SCBx17, UPDATE=SCBx17, READ=NONE;
}
EF PKCS15-PuKDF {
file-id = 7004;
size = 2300;
ACL = WRITE=SCBx17, UPDATE=SCBx17, READ=NONE;
}
EF PKCS15-SKDF {
file-id = 7003;
size = 3000;
ACL = WRITE=SCBx17, UPDATE=SCBx17, READ=NONE;
}
EF PKCS15-CDF {
file-id = 7005;
size = 3000;
ACL = WRITE=SCBx17, UPDATE=SCBx17, READ=NONE;
}
EF PKCS15-DODF {
file-id = 7006;
size = 3000;
ACL = WRITE=SCBx17, UPDATE=SCBx17, READ=NONE;
}
template key-domain {
# Private RSA keys
BSO private-key {
ACL = *=NEVER;
ACL = SIGN=SCBx17, AUTHENTICATE=SCBx17, DECIPHER=SCBx17, GENERATE=SCBx17, UPDATE=SCBx17, READ=NONE;
}
# Private DES keys
BSO private-des {
size = 24; # 192 bits
# READ acl used insted of DECIPHER/ENCIPHER/CHECKSUM
}
# Private data
EF private-data {
file-id = F000;
size = 36;
ACL = *=NONE;
ACL = WRITE=SCBx17, UPDATE=SCBx17, READ=SCBx17;
}
# Certificate
EF certificate {
# for the profiles 'ADELE Admin. 1 & 2'
# file-id: auth: A001; sign: A002; encr: A003;
file-id = B000;
ACL = *=NEVER;
ACL = UPDATE=SCBx17, READ=NONE, DELETE=NONE;
}
#Public Key
BSO public-key {
ACL = *=NEVER;
ACL = AUTHENTICATE=SCBx17, GENERATE=SCBx17, UPDATE=SCBx17, READ=NONE;
}
# Public DES keys
BSO public-des {
size = 24; # 192 bits
ACL = *=NONE;
}
# Public data
EF public-data {
file-id = D000;
ACL = *=NONE;
ACL = WRITE=SCBx17, UPDATE=SCBx17, DELETE=NONE;
}
}
}
}
}
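Review bot: `BSO private-des` declares only `size = 24;` and no ACL at all, while its comment says the READ condition is what stands in for DECIPHER/ENCIPHER/CHECKSUM — so the protection of a secret symmetric key is left to whatever default the profile loader applies to an object with no ACL line, which is not visible here. Make it explicit, e.g. `ACL = *=NEVER;` then `ACL = READ=SCBx17, UPDATE=SCBx17;` (or the condition actually intended), so the key object does not depend on a loader default. The `keep-public-key` comment reads "inconporating"; `incorporating` is meant, and the header comment naming Oberthur cards does not match `manufacturer = "IAS Gemalto"`.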


@ -0,0 +1,178 @@
#
# PKCS15 r/w profile for Oberthur cards
#
cardinfo {
label = "IAS";
manufacturer = "IAS Gemalto";
max-pin-length = 4;
min-pin-length = 4;
pin-encoding = ascii-numeric;
pin-pad-char = 0xFF;
}
pkcs15 {
# Put certificates into the CDF itself?
direct-certificates = no;
# Put the DF length into the ODF file?
encode-df-length = no;
# Have a lastUpdate field in the EF(TokenInfo)?
do-last-update = yes;
}
option ecc {
macros {
odf-size = 96;
aodf-size = 300;
cdf-size = 3000;
prkdf-size = 6700;
pukdf-size = 2300;
dodf-size = 3000;
skdf-size = 3000;
}
}
# Define reasonable limits for PINs and PUK
# Note that we do not set a file path or reference
# here; that is done dynamically.
PIN user-pin {
attempts = 5;
max-length = 4;
min-length = 4;
flags = 0x10; # initialized
reference = 1;
}
PIN so-pin {
auth-id = FF;
attempts = 5;
max-length = 4;
min-length = 4;
flags = 0xB2;
reference = 2
}
# Additional filesystem info.
# This is added to the file system info specified in the
# main profile.
filesystem {
DF MF {
ACL = *=CHV4;
path = 3F00;
type = DF;
# This is the DIR file
EF DIR {
type = EF;
file-id = 2F00;
size = 128;
acl = *=NONE;
}
# Here comes the application DF
DF PKCS15-AppDF {
type = DF;
aid = E8:28:BD:08:0F:D2:50:00:00:04:03:01;
acl = *=NONE;
size = 5000;
EF PKCS15-ODF {
file-id = 5031;
size = 96;
ACL = WRITE=SCBx17, UPDATE=SCBx17, READ=NONE;
}
EF PKCS15-TokenInfo {
file-id = 5032;
ACL = WRITE=SCBx17, UPDATE=SCBx17, READ=NONE;
}
EF PKCS15-AODF {
file-id = 7001;
size = 300;
ACL = WRITE=SCBx17, UPDATE=SCBx17, READ=NONE;
}
EF PKCS15-PrKDF {
file-id = 7002;
size = 6700;
ACL = WRITE=SCBx17, UPDATE=SCBx17, READ=NONE;
}
EF PKCS15-PuKDF {
file-id = 7004;
size = 2300;
ACL = WRITE=SCBx17, UPDATE=SCBx17, READ=NONE;
}
EF PKCS15-SKDF {
file-id = 7003;
size = 3000;
ACL = WRITE=SCBx17, UPDATE=SCBx17, READ=NONE;
}
EF PKCS15-CDF {
file-id = 7005;
size = 3000;
ACL = WRITE=SCBx17, UPDATE=SCBx17, READ=NONE;
}
EF PKCS15-DODF {
file-id = 7006;
size = 3000;
ACL = WRITE=SCBx17, UPDATE=SCBx17, READ=NONE;
}
template key-domain {
# Private RSA keys
BSO private-key {
ACL = *=NEVER;
ACL = SIGN=SCBx17, AUTHENTICATE=SCBx17, DECIPHER=SCBx17, GENERATE=SCBx17, UPDATE=SCBx17, READ=NONE;
}
# Private DES keys
BSO private-des {
size = 24; # 192 bits
# READ acl used insted of DECIPHER/ENCIPHER/CHECKSUM
}
# Private data
EF private-data {
file-id = F000;
size = 36;
ACL = *=NONE;
ACL = WRITE=SCBx17, UPDATE=SCBx17, READ=SCBx17;
}
# Certificate
EF certificate {
# for the profiles 'ADELE Admin. 1 & 2'
# file-id: auth: A001; sign: A002; encr: A003;
file-id = B000;
ACL = *=NEVER;
ACL = UPDATE=SCBx17, READ=NONE, DELETE=NONE;
}
#Public Key
BSO public-key {
ACL = *=NEVER;
ACL = AUTHENTICATE=SCBx17, GENERATE=SCBx17, UPDATE=SCBx17, READ=NONE;
}
# Public DES keys
BSO public-des {
size = 24; # 192 bits
ACL = *=NONE;
}
# Public data
EF public-data {
file-id = D000;
ACL = *=NONE;
ACL = WRITE=SCBx17, UPDATE=SCBx17, DELETE=NONE;
}
}
}
}
}
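Review bot: `max-pin-length = 4` together with `min-pin-length = 4` (and the same 4/4 in `PIN user-pin` and `PIN so-pin`, `pin-encoding = ascii-numeric`) pins both PINs to exactly four decimal digits, i.e. a 10^4 space guarded only by `attempts = 5`; if that is a hard requirement of the Adele card profile, say so in a comment, because iasecc-sdo.h in this commit models per-CHV `IASECC_SDO_CHV_TAG_SIZE_MIN`/`SIZE_MAX`, which suggests the card itself may allow longer PINs and a larger `max-length` for the SO PIN at least would cost nothing. As in the other Adele profiles, `EF private-data` starts from `*=NONE` so its unlisted operations (DELETE) are unprotected; `ACL = *=NEVER;` before the explicit grants is the safer base. The header comment still says "for Oberthur cards" although `manufacturer = "IAS Gemalto"`.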


@ -0,0 +1,113 @@
#
# PKCS15 r/w profile for Oberthur cards
#
cardinfo {
label = "IAS";
manufacturer = "IAS Gemalto";
max-pin-length = 4;
min-pin-length = 4;
pin-encoding = ascii-numeric;
pin-pad-char = 0xFF;
}
pkcs15 {
# Put certificates into the CDF itself?
direct-certificates = no;
# Put the DF length into the ODF file?
encode-df-length = no;
# Have a lastUpdate field in the EF(TokenInfo)?
do-last-update = yes;
}
option ecc {
macros {
odf-size = 96;
aodf-size = 300;
cdf-size = 3000;
prkdf-size = 6700;
pukdf-size = 2300;
dodf-size = 3000;
skdf-size = 3000;
}
}
# Define reasonable limits for PINs and PUK
# Note that we do not set a file path or reference
# here; that is done dynamically.
PIN user-pin {
attempts = 5;
max-length = 4;
min-length = 4;
flags = 0x10; # initialized
reference = 1;
}
PIN so-pin {
auth-id = FF;
attempts = 5;
max-length = 4;
min-length = 4;
flags = 0xB2;
reference = 2
}
# CHV5 used for Oberthur's specifique access condition "PIN or SOPIN"
# Any value for this pin can given, when the OpenSC tools are asking for.
# Additional filesystem info.
# This is added to the file system info specified in the
# main profile.
filesystem {
DF MF {
ACL = *=CHV4;
path = 3F00;
type = DF;
# This is the DIR file
EF DIR {
type = EF;
file-id = 2F00;
size = 128;
acl = *=NONE;
}
# Here comes the application DF
DF CIA-Adele-AppDF {
type = DF;
exclusive-aid = E8:28:BD:08:0F:D2:50:00:00:04:01:01;
profile-extention = "ias_adele_admin1";
}
DF AdeleAdmin2-AppDF {
type = DF;
exclusive-aid = E8:28:BD:08:0F:D2:50:00:00:04:02:01;
profile-extention = "ias_adele_admin2";
}
DF AdeleCommon-AppDF {
type = DF;
exclusive-aid = E8:28:BD:08:0F:D2:50:00:00:04:03:01;
profile-extention = "ias_adele_common";
}
DF ECCeID-AppDF {
type = DF;
exclusive-aid = E8:28:BD:08:0F:D2:50:45:43:43:2D:65:49:44;
profile-extention = "iasecc_admin_eid";
}
DF ECCGeneric-AppDF {
type = DF;
exclusive-aid = E8:28:BD:08:0F:D2:50:47:65:6E:65:72:69:63;
profile-extention = "iasecc_generic_pki";
}
DF ECCGenericOberthur-AppDF {
type = DF;
exclusive-aid = E8:28:BD:08:0F:F2:50:4F:54:20:41:57:50;
profile-extention = "iasecc_generic_oberthur";
}
}
}
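Review bot: The comment `# CHV5 used for Oberthur's specifique access condition "PIN or SOPIN"` refers to a PIN that this profile never declares (only `user-pin` reference 1 and `so-pin` reference 2 exist) and to Oberthur, while the cardinfo block says `manufacturer = "IAS Gemalto"`; either declare the CHV5 PIN block it talks about or drop the two comment lines, and fix the grammar to `# Any value may be given for this PIN when the OpenSC tools ask for it.` if they stay. Likewise `DF MF { ACL = *=CHV4; ... }` names a CHV4 that no PIN block defines; presumably the driver resolves it, but a comment saying where CHV4 comes from would help. The six `exclusive-aid`/`profile-extention` entries are the dispatch table for this commit's other profiles, so a one-line comment above the first one explaining that the matching AID selects the extension profile would make the file self-describing.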


@ -0,0 +1,182 @@
#
# PKCS15 r/w profile for Oberthur cards
#
cardinfo {
label = "ECC v1.0.1";
manufacturer = "Gemalto";
max-pin-length = 4;
min-pin-length = 4;
pin-encoding = ascii-numeric;
pin-pad-char = 0xFF;
}
pkcs15 {
# Put certificates into the CDF itself?
direct-certificates = no;
# Put the DF length into the ODF file?
encode-df-length = no;
# Have a lastUpdate field in the EF(TokenInfo)?
do-last-update = yes;
}
option ecc {
macros {
odf-size = 96;
aodf-size = 300;
cdf-size = 3000;
prkdf-size = 6700;
pukdf-size = 2300;
dodf-size = 3000;
skdf-size = 3000;
}
}
# Define reasonable limits for PINs and PUK
# Note that we do not set a file path or reference
# here; that is done dynamically.
PIN user-pin {
attempts = 5;
max-length = 4;
min-length = 4;
flags = 0x10; # initialized
reference = 1;
}
PIN so-pin {
auth-id = FF;
attempts = 5;
max-length = 4;
min-length = 4;
flags = 0xB2;
reference = 2
}
# CHV5 used for Oberthur's specifique access condition "PIN or SOPIN"
# Any value for this pin can given, when the OpenSC tools are asking for.
# Additional filesystem info.
# This is added to the file system info specified in the
# main profile.
filesystem {
DF MF {
ACL = *=CHV4;
path = 3F00;
type = DF;
# This is the DIR file
EF DIR {
type = EF;
file-id = 2F00;
size = 128;
acl = *=NONE;
}
# Here comes the application DF
DF PKCS15-AppDF {
type = DF;
aid = E8:28:BD:08:0F:D2:50:45:43:43:2D:65:49:44;
acl = *=NONE;
size = 5000;
EF PKCS15-ODF {
file-id = 5031;
size = 60;
ACL = WRITE=SCBx44, UPDATE=SCBx44, READ=NONE;
}
EF PKCS15-TokenInfo {
file-id = 5032;
size = 400;
ACL = WRITE=SCBx44, UPDATE=SCBx44, READ=NONE;
}
EF PKCS15-AODF {
file-id = 7001;
size = 225;
ACL = WRITE=SCBx44, UPDATE=SCBx44, READ=NONE;
}
EF PKCS15-PrKDF {
file-id = 7002;
size = 450;
ACL = WRITE=SCBx44, UPDATE=SCBx44, READ=NONE;
}
EF PKCS15-PuKDF {
file-id = 7004;
size = 450;
ACL = WRITE=SCBx44, UPDATE=SCBx44, READ=NONE;
}
EF PKCS15-SKDF {
file-id = 7003;
size = 450;
ACL = WRITE=SCBx44, UPDATE=SCBx44, READ=NONE;
}
EF PKCS15-CDF {
file-id = 7005;
size = 300;
ACL = WRITE=SCBx44, UPDATE=SCBx44, READ=NONE;
}
EF PKCS15-DODF {
file-id = 7006;
size = 650;
ACL = WRITE=SCBx44, UPDATE=SCBx44, READ=NONE;
}
template key-domain {
# Private RSA keys
BSO private-key {
ACL = *=NEVER;
ACL = SIGN=SCBx13, AUTHENTICATE=SCBx13, DECIPHER=SCBx13, GENERATE=SCBx44, UPDATE=SCBx44, READ=NONE;
}
# Private DES keys
BSO private-des {
size = 24; # 192 bits
# READ acl used insted of DECIPHER/ENCIPHER/CHECKSUM
}
# Private data
EF private-data {
file-id = E000;
size = 36;
ACL = *=NONE;
ACL = WRITE=SCBx13, UPDATE=SCBx13, READ=SCBx13;
}
# Certificate
EF certificate {
file-id = B000;
ACL = *=NEVER;
ACL = UPDATE=SCBx44, READ=NONE, DELETE=NONE;
}
#Public Key
BSO public-key {
ACL = *=NEVER;
ACL = AUTHENTICATE=SCBx13, GENERATE=SCBx44, UPDATE=SCBx44, READ=NONE;
}
# Public DES keys
BSO public-des {
size = 24; # 192 bits
ACL = *=NONE;
}
# Public data
EF public-data {
file-id = D000;
ACL = *=NONE;
ACL = WRITE=IDAxC1, UPDATE=IDAxC1, DELETE=NONE;
}
}
}
}
}
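Review bot: `EF public-data` is the only object in this commit's profiles whose write condition is not an `SCB` token: `ACL = WRITE=IDAxC1, UPDATE=IDAxC1, DELETE=NONE;`; if the profile parser does not know an `IDA` method the line is either rejected or silently degraded, and if it is meant as "user PIN 0xC1" note that this profile declares `PIN user-pin { reference = 1; }`, not `0xC1` as the generic profiles do — confirm the intended method and reference, and spell the token the way the other entries do (`SCBx13`) if that is what it means. The split between `SCBx13` for use (SIGN/AUTHENTICATE/DECIPHER) and `SCBx44` for GENERATE/UPDATE on `private-key` is the right shape; a short comment naming which security condition each of the two codes stands for would let a reader verify the policy without the spec at hand. The leftover `# CHV5 used for Oberthur's specifique access condition` comment does not apply to this Gemalto eID profile and should go.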


@ -0,0 +1,176 @@
#
# PKCS15 r/w profile for Oberthur cards
#
cardinfo {
label = "IAS/ECC v1.0.1";
manufacturer = "OpenSC/Oberthur";
max-pin-length = 4;
min-pin-length = 4;
pin-encoding = ascii-numeric;
pin-pad-char = 0xFF;
}
pkcs15 {
# Put certificates into the CDF itself?
direct-certificates = no;
# Put the DF length into the ODF file?
encode-df-length = no;
# Have a lastUpdate field in the EF(TokenInfo)?
do-last-update = yes;
}
option ecc {
macros {
odf-size = 96;
aodf-size = 300;
cdf-size = 3000;
prkdf-size = 6700;
pukdf-size = 2300;
dodf-size = 3000;
skdf-size = 3000;
}
}
# Define reasonable limits for PINs and PUK
# Note that we do not set a file path or reference
# here; that is done dynamically.
PIN user-pin {
attempts = 5;
max-length = 4;
min-length = 4;
flags = 0x10; # initialized
reference = 0xC1;
}
PIN so-pin {
auth-id = FF;
attempts = 5;
max-length = 4;
min-length = 4;
flags = 0xB2;
reference = 2
}
# Additional filesystem info.
# This is added to the file system info specified in the
# main profile.
filesystem {
DF MF {
ACL = *=CHV4;
path = 3F00;
type = DF;
# This is the DIR file
EF DIR {
type = EF;
file-id = 2F00;
size = 128;
acl = *=NONE;
}
# Here comes the application DF
DF PKCS15-AppDF {
type = DF;
aid = E8:28:BD:08:0F:F2:50:4F:54:20:41:57:50;
acl = *=NONE;
size = 5000;
EF PKCS15-ODF {
file-id = 5031;
ACL = *=NEVER;
ACL = READ=NONE;
}
EF PKCS15-TokenInfo {
file-id = 5032;
ACL = *=NEVER;
ACL = READ=NONE;
}
EF PKCS15-AODF {
file-id = 7001;
ACL = *=NEVER;
ACL = READ=NONE;
}
EF PKCS15-PrKDF {
file-id = 7002;
ACL = *=NEVER;
ACL = WRITE=SCB0x12, UPDATE=SCB0x12, READ=NONE;
}
EF PKCS15-PuKDF {
file-id = 7004;
ACL = *=NEVER;
ACL = WRITE=SCB0x12, UPDATE=SCB0x12, READ=NONE;
}
EF PKCS15-SKDF {
file-id = 7003;
ACL = *=NEVER;
ACL = WRITE=SCB0x12, UPDATE=SCB0x12, READ=NONE;
}
EF PKCS15-CDF {
file-id = 7005;
ACL = WRITE=SCB0x12, UPDATE=SCB0x12, READ=NONE;
}
EF PKCS15-DODF {
file-id = 7006;
ACL = *=NEVER;
ACL = WRITE=SCB0x12, UPDATE=SCB0x12, READ=NONE;
}
template key-domain {
# Private RSA keys
BSO private-key {
ACL = *=NEVER;
ACL = UPDATE=COUCOUx12;
ACL = UPDATE=SCB0x12, READ=NONE;
ACL = PSO-COMPUTE-SIGNATURE=SCB0x12, INTERNAL-AUTHENTICATE=SCB0x12, PSO-DECRYPT=SCB0x12, GENERATE=SCB0x12;
}
# Private DES keys
BSO private-des {
size = 24; # 192 bits
# READ acl used insted of DECIPHER/ENCIPHER/CHECKSUM
}
# Private data
EF private-data {
file-id = E000;
ACL = *=NEVER;
ACL = WRITE=SCB0x12, UPDATE=SCB0x12, READ=SCB0x12;
}
# Certificate
EF certificate {
file-id = 3401;
ACL = *=NEVER;
ACL = UPDATE=SCB0x12, READ=NONE, DELETE=NONE;
}
#Public Key
BSO public-key {
ACL = *=NEVER;
ACL = AUTHENTICATE=SCB0x12, GENERATE=SCB0x12, UPDATE=SCB0x12, READ=NONE;
}
# Public DES keys
BSO public-des {
size = 24; # 192 bits
ACL = *=NONE;
}
# Public data
EF public-data {
file-id = F000;
ACL = *=NONE;
}
}
}
}
}
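Review bot: `BSO private-key` carries a leftover line `ACL = UPDATE=COUCOUx12;` immediately followed by `ACL = UPDATE=SCB0x12, READ=NONE;`; "COUCOUx12" is not an access method, so it is either a parse error or a silently ignored debug remnant — delete that line. In the same file `EF public-data { file-id = F000; ACL = *=NONE; }` leaves WRITE, UPDATE and DELETE unconditional, whereas every other profile in this commit guards WRITE/UPDATE on public-data; add `ACL = WRITE=SCB0x12, UPDATE=SCB0x12, DELETE=NONE;` unless unauthenticated writes are intended, and say so in a comment if they are. `EF PKCS15-CDF` is also the one directory file here without the `ACL = *=NEVER;` base that its siblings have, so whatever operations its single ACL line does not list fall back to the loader default.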


@ -0,0 +1,179 @@
#
# PKCS15 r/w profile
#
cardinfo {
label = "IAS/ECC Generic PKI application";
manufacturer = "IAS/ECC OpenSC";
max-pin-length = 4;
min-pin-length = 4;
pin-encoding = ascii-numeric;
pin-pad-char = 0xFF;
}
pkcs15 {
# Put certificates into the CDF itself?
direct-certificates = no;
# Put the DF length into the ODF file?
encode-df-length = no;
# Have a lastUpdate field in the EF(TokenInfo)?
do-last-update = yes;
}
option ecc {
macros {
odf-size = 96;
aodf-size = 300;
cdf-size = 3000;
prkdf-size = 6700;
pukdf-size = 2300;
dodf-size = 3000;
skdf-size = 3000;
}
}
# Define reasonable limits for PINs and PUK
# Note that we do not set a file path or reference
# here; that is done dynamically.
PIN user-pin {
attempts = 5;
max-length = 4;
min-length = 4;
flags = 0x10; # initialized
reference = 0xC1;
}
PIN so-pin {
auth-id = FF;
attempts = 5;
max-length = 4;
min-length = 4;
flags = 0xB2;
reference = 2
}
# CHV5 used for Oberthur's specifique access condition "PIN or SOPIN"
# Any value for this pin can given, when the OpenSC tools are asking for.
# Additional filesystem info.
# This is added to the file system info specified in the
# main profile.
filesystem {
DF MF {
ACL = *=CHV4;
path = 3F00;
type = DF;
# This is the DIR file
EF DIR {
type = EF;
file-id = 2F00;
size = 128;
acl = *=NONE;
}
# Here comes the application DF
DF PKCS15-AppDF {
type = DF;
exclusive-aid = E8:28:BD:08:0F:D2:50:47:65:6E:65:72:69:63;
acl = *=NONE;
size = 5000;
EF PKCS15-ODF {
file-id = 5031;
size = 96;
ACL = WRITE=SCBx13, UPDATE=SCBx13, READ=NONE;
}
EF PKCS15-TokenInfo {
file-id = 5032;
ACL = WRITE=SCBx13, UPDATE=SCBx13, READ=NONE;
}
EF PKCS15-AODF {
file-id = 7001;
size = 300;
ACL = WRITE=SCBx13, UPDATE=SCBx13, READ=NONE;
}
EF PKCS15-PrKDF {
file-id = 7002;
size = 6700;
ACL = WRITE=SCBx13, UPDATE=SCBx13, READ=NONE;
}
EF PKCS15-PuKDF {
file-id = 7004;
size = 2300;
ACL = WRITE=SCBx13, UPDATE=SCBx13, READ=NONE;
}
EF PKCS15-SKDF {
file-id = 7003;
size = 3000;
ACL = WRITE=SCBx13, UPDATE=SCBx13, READ=NONE;
}
EF PKCS15-CDF {
file-id = 7005;
size = 3000;
ACL = WRITE=SCBx13, UPDATE=SCBx13, READ=NONE;
}
EF PKCS15-DODF {
file-id = 7006;
size = 3000;
ACL = WRITE=SCBx13, UPDATE=SCBx13, READ=NONE;
}
template key-domain {
# Private RSA keys
BSO private-key {
ACL = *=NEVER;
ACL = UPDATE=SCBx13, READ=NONE;
ACL = PSO-DECRYPT=SCBx13, INTERNAL-AUTHENTICATE=SCBx13, GENERATE=SCBx13;
}
# Private DES keys
BSO private-des {
size = 24; # 192 bits
# READ acl used insted of DECIPHER/ENCIPHER/CHECKSUM
}
# Private data
EF private-data {
file-id = E000;
size = 36;
ACL = *=NONE;
ACL = WRITE=SCBx13, UPDATE=SCBx13, READ=SCBx13;
}
# Certificate
EF certificate {
file-id = B000;
ACL = *=NEVER;
ACL = UPDATE=SCBx13, READ=NONE, DELETE=NONE;
}
#Public Key
BSO public-key {
ACL = *=NEVER;
ACL = INTERNAL-AUTHENTICATE=SCBx13, GENERATE=SCBx13, UPDATE=SCBx13, READ=NONE;
}
# Public DES keys
BSO public-des {
size = 24; # 192 bits
ACL = *=NONE;
}
# Public data
EF public-data {
file-id = F000;
ACL = *=NONE;
ACL = WRITE=SCBx13, UPDATE=SCBx13, DELETE=NONE;
}
}
}
}
}
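Review bot: `BSO private-key` starts from `ACL = *=NEVER;` and then grants only `PSO-DECRYPT`, `INTERNAL-AUTHENTICATE`, `GENERATE`, `UPDATE` and `READ`, so signature via PSO is never allowed in this generic PKI profile, while the Oberthur variant in the same commit grants `PSO-COMPUTE-SIGNATURE=SCB0x12` alongside the others; if signing is meant to go through INTERNAL-AUTHENTICATE only, add a comment saying so, otherwise the line wants `PSO-COMPUTE-SIGNATURE=SCBx13` as well. The `# CHV5 used for Oberthur's specifique access condition "PIN or SOPIN"` comment is a copy-paste from the Oberthur profile and refers to a PIN this file does not declare; remove it or declare the PIN. The AID here is `exclusive-aid` while the Adele profiles use `aid`; a comment on why this DF is exclusive would help the next maintainer pick the right keyword.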
